Facebook Privacy using Friend Lists

Friday, December 04, 2009

Todd Zebert


While Facebook’s Privacy settings are a powerful method of controlling who sees what kind of information about you, unless you create and maintain Friend Lists, you are effectively limited to all Friends seeing everything.

Friend Lists
The first step in creating and using Friend Lists to think about how what information you might not want all your friends to see, and how you might want to group your friends. Some examples:

- Create a list of Work Friends and limit Work Photos and Videos to just them
- Create a list of Work Friends and exclude them from Photos (and Videos) Tagged of You – no need for you boss to see you buddy’s picture of you and him partying
- Create a list of Relatives and limit your Current Address and Home Phone to just them

As discussed in Take Control of your Facebook Security & Privacy Settings, answering "Who can see this?" can be handled different ways. You can think about this is two basic ways:

- Allowing Friends or Lists of Friends to see something
- Excluding Friends or Lists of Friends from seeing something

To allow Lists of Friends, the “Some Friend” method must be used BUT it is not available for all information types. The “Except these People” method is available in all cases. So, a mixture is probably the best with an emphasis on exclusion.


- Set “Saturday Night Party Pix” Album to Some-Friends: “Party People List”
- Set “Sick Day Concert Pix” Album to Except: “Work List” Set “Kids Photos” Album to Except: “List of friends I don’t know that well”
- Set “Dick and Jane Drunk” Video to Some-Friends: Dick, Jane

Friends can be placed into almost any number of Lists, but Lists can’t contain Lists.

There are two ways to assign friends:

A. By Edit List which presents scrolling columns of all Friends and (Fan) Pages that you can easily select from. The scrolling click-to-select method is fast but the inclusion of (Fan) Pages may really much up the list.
B. From the Friends List which presents a paged list of just Friends that you can easily see how many (and which with a click) Lists they belong to. In this way it’s easier to add a Friend to multiple Lists, and there are no (Fan) Pages, but navigation is not as fast, and it’s also not easy to “see” the whole of who’s in the List.

There is no known benefit to making Lists of (Fan) Pages. 

To get started, first create at least one Friend List:

1. Click Friends (top menu)
2. Click Friends (left menu, under “Lists”)
3. Click Create New List (top left button)
4. Type in the new List name (top field)
5. It’s best to wait, but you could select Friends you’d like to add to the List
6. Click Create List

To assign Friends to a List, follow these steps for the ways described above:

A. From the Friends page, click a List from the left column, click the Edit List button. Click to select Friends. Note: Selected Friends will be highlighted in blue with a checkmark on the bottom left of their picture.
B. From the Friends page, click Friends from the left column. For each Friend, use the drop-down arrow and box (to the right) to select Lists to place Friends in, or even create a new List.

To utilize these new Lists see Take Control of your Facebook Security & Privacy Settings. You'll have to change the Privacy settings in your account, and on every Photo Album, Note, Video, and Application. The forthcoming article in this series will show you how to set specific defaults so every new item will inherit some type of privacy besides the Facebook default (Everyone, All Networks).

Notes of Assigning Privacy

The “Mobile Uploads” Album needs a work-around to set Privacy:

- When you try to Edit Info it won’t display the Album Name in the field, and when you change the Privacy settings and click “Save Changes” it will give you the error “You must enter an album name. Go back and try again.”
- The work around is to enter the name “Mobile Uploads”, verify Privacy settings, and click “Save Changes” again. It should work.

The “Profile Pictures” Album has no Edit Info and therefore no Privacy settings:  

- All friends can see ALL your Profile Pictures, although you can remove individual photos from this Album. Your current Profile Picture may be shown to strangers in your Facebook Search Listing and Public Search Listing. You can control this by using the controls under Privacy > Search

If you use Photo’s “share this album with anyone” link:  

- The privacy settings do NOT apply. ANYONE with that link can see the Photos.

If you use Video’s “Embed this Video” link:

- Privacy settings are applied. “The video will respect your privacy settings from Facebook.”

Videos don’t go into albums:

- Since they can’t inherit Privacy settings from an Album, they will default to “Everyone” plus your Networks. This is especially problematic if you email upload videos. To establish default Privacy settings, you must edit the settings of the Video App (see next Article).

Check out the next article in this series, Facebook Application and Content Creation Privacy

Possibly Related Articles:
Security Awareness Privacy Webappsec->General
Facebook Privacy
Post Rating I Like this!
Barb Berendt This is a really useful article. I had to go through the FAQ's to manage individual exclusions. And on the list side, I didn't have time to do more than create several friends lists but have not applied any filtering yet. I'm going to use this info when I get back to it. Thanks!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.